Posted in

Apple Releases Security Updates After Fixing WebKit Vulnerabilities Discovered Using AI Tools

Apple has released a new round of security updates for iOS, iPadOS, macOS, and Safari, addressing more than 30 vulnerabilities across its ecosystem. Among the patched issues are multiple flaws in the WebKit browser engine, several of which were discovered with the help of artificial intelligence tools.

The updates come as Apple continues to tighten its security response timeline amid growing concerns that AI-assisted exploitation could significantly reduce the time attackers need to weaponize vulnerabilities.

AI-Assisted Discovery of WebKit Flaws

Apple confirmed that four of the newly patched WebKit vulnerabilities were identified using AI-powered security tools, including systems based on Anthropic Claude and OpenAI Codex Security.

The company noted that AI is increasingly being used in vulnerability research, both by defenders and potentially by attackers, accelerating the overall pace of security discovery and exploitation.

WebKit Vulnerabilities Patched

The WebKit engine, which powers Safari and other Apple applications, received fixes for several high-impact security issues, including memory corruption, out-of-bounds writes, and use-after-free bugs.

The key vulnerabilities include:

  • CVE-2026-43707 – Memory corruption that could cause a crash when processing malicious web content. Fixed with improved memory handling.
  • CVE-2026-43716 – An unspecified flaw that could lead to Safari crashes when processing malicious content. Addressed through improved memory handling.
  • CVE-2026-43745 – An out-of-bounds write issue that could lead to crashes when handling malicious web input. Fixed with better input validation.
  • CVE-2026-43715 – A use-after-free vulnerability that could result in memory corruption. Mitigated through improved memory management.

Apple credited OpenAI Codex Security for the discovery of the first three issues, while researchers Milad Nasr and Nicholas Carlini, along with Claude-based tools, were acknowledged for identifying CVE-2026-43715.

Additional WebKit Security Fixes

Beyond these four flaws, Apple patched nearly 30 additional issues in WebKit. These include:

  • A use-after-free vulnerability in WebKit Canvas (CVE-2026-43720)
  • A sandbox bypass issue that could allow restricted web content to be processed outside its security boundaries (CVE-2026-43725)

These vulnerabilities primarily affect how Safari handles web content and could have allowed attackers to trigger crashes or escape security restrictions under specific conditions.

Kernel-Level Vulnerabilities Addressed

Apple also resolved several serious kernel-related vulnerabilities that could be exploited by malicious applications. These flaws include:

  • CVE-2026-43722 – Could allow an app to leak sensitive kernel information
  • CVE-2026-43724 – Could lead to unexpected system termination or kernel memory modification
  • CVE-2026-39868 – Could result in kernel memory corruption

Security researcher Hyunwoo Kim, known for discovering the “Dirty Frag” issue, was credited with reporting two of the kernel vulnerabilities.

Devices and Software Affected

Apple has made the fixes available across multiple platforms, including:

  • iOS 26.5.2
  • iPadOS 26.5.2
  • macOS Tahoe 26.5.2
  • Safari 26.5.2

The company confirmed that none of the patched vulnerabilities are currently known to be actively exploited in the wild.

Apple Speeds Up Security Response Due to AI Threats

Apple stated that it is accelerating the release of security updates in response to the growing influence of artificial intelligence in cybersecurity. The company noted that AI tools could significantly shorten the time required for attackers to develop exploits.

According to Apple, the goal is to reduce the gap between vulnerability disclosure and patch availability, ensuring users receive protection as quickly as possible.

This shift reflects a broader industry concern that AI may compress the traditional “patch window,” increasing the urgency for faster defensive updates.

Final Outlook

The latest updates highlight Apple’s continued focus on strengthening its platform security, particularly in core components like WebKit and the kernel. While no active exploitation has been reported, the breadth of fixes underscores the importance of keeping devices updated to the latest software versions.

Leave a Reply

Your email address will not be published. Required fields are marked *